We have 2016. This is not only sad but dangerously insecure and unfair to any customer (especially to unsuspecting ones that reuse passwords. But i hope I don't have to repeat all arguments for HTTPS)
In 2005 we already knew that HTTP and only using unsalted md5-hashes for transmitting/saving passwords was already a bad idea. But a company(one who calls itself publisher in software) who doesn't have a SSL-certificate for their public domain in 2016 just seems either totally incompetent, ignorant or both, it nearly makes me puke.
One from StartCom or Let's encrypt would totally suffice (probably even better than some you pay for, but that is another matter)
Nearly every 1-Human-Company in IT does this now. Why can't TopSolid?

(I finally understand your forum-reSTRICTions. If i watch my posts, it seems I am so angry, you probably would have been better off to lose all our customers, than have this publicity when the next Software Developer comes along and reads this. And since it seems you lose all our customers either way, I could understand from a morally disgusting viewpoint, how it would be feasible to delete my Account. This all is nearly as strange to me, as it is to you, believe me.)

Update: My perception of Missler and TopSolid goes uphill. And some of my anger was unwarranted. But apart from that, no HTTPS is still a big problem, in my humble opinion.